
fix: replace from_utf8_unchecked with from_utf8_lossy in SqliteError#4202

Merged
abonander merged 1 commit into launchbadge:main from joaquinhuigomez:fix/sqlite-error-utf8-safety
Apr 6, 2026

Conversation

@joaquinhuigomez (Contributor)

Replace from_utf8_unchecked with from_utf8_lossy in SqliteError::try_new().

sqlite3_errmsg() can return non-UTF-8 bytes when schema element names contain invalid UTF-8 (e.g. from a malicious or corrupted database file). The current from_utf8_unchecked call is unsound in that case since it constructs an invalid Rust String.

from_utf8_lossy replaces invalid sequences with U+FFFD, which preserves the error message while maintaining soundness. The from_code() path using sqlite3_errstr() is left as-is since SQLite documents that function as returning UTF-8.

Closes #4193

sqlite3_errmsg() returns UTF-8 in practice but the spec does not
guarantee it. Using from_utf8_unchecked is unsound if non-UTF-8
bytes are returned (e.g. from malformed schema element names).

Closes launchbadge#4193
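The conversion the description and commit message call for, shown as an added illustration rather than the PR's own diff: `errmsg_to_string` is a hypothetical helper standing in for the changed `SqliteError::try_new()` path, and the sample message bytes are constructed to carry a truncated multibyte sequence of the kind a corrupted schema name could produce.

```rust
use std::ffi::{CStr, CString};

/// Converts a NUL-terminated C error message (the shape sqlite3_errmsg()
/// returns) into an owned Rust String without assuming the bytes are valid
/// UTF-8. Invalid sequences are replaced with U+FFFD, so the result is
/// always a sound String and the readable part of the message survives.
/// Hypothetical helper, not the sqlx code itself.
fn errmsg_to_string(msg: &CStr) -> String {
    String::from_utf8_lossy(msg.to_bytes()).into_owned()
}

/// Reports whether the raw bytes were already valid UTF-8, i.e. whether
/// the lossy conversion had to substitute anything. Handy as a diagnostic
/// when triaging a database file that yields such messages.
fn is_valid_utf8(msg: &CStr) -> bool {
    std::str::from_utf8(msg.to_bytes()).is_ok()
}

/// Constructed sample: an error message whose schema element name ends in
/// the first two bytes of a three-byte UTF-8 sequence (0xE2 0x82) with the
/// third byte missing, as a corrupted or crafted database file might produce.
fn sample_invalid_errmsg() -> CString {
    CString::new(b"no such table: t\xE2\x82".to_vec()).expect("no interior NUL")
}

fn main() {
    let msg = sample_invalid_errmsg();
    // The bytes are not valid UTF-8, so from_utf8_unchecked would be UB here;
    // the lossy conversion yields "no such table: t\u{FFFD}" instead.
    println!("valid UTF-8: {}", is_valid_utf8(&msg));
    println!("lossy conversion: {:?}", errmsg_to_string(&msg));
}
```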
@abonander abonander merged commit 4dc32ec into launchbadge:main Apr 6, 2026
146 checks passed


Development

Successfully merging this pull request may close these issues.

sqlite: SqliteError::try_new() unsafely assumes sqlite3_errmsg() is UTF-8

2 participants